This directive allows Squid to accept encrypted (SSL or TLS) connections. It is available only when you use the /configure enable-ssl option.

The mandatory cert= argument specifies the pathname to an SSL certificate file in PEM format. This is the format commonly used by OpenSSL and other security software for portable representation of encryption keys.

The optional key= argument is the path to a private key file. If you omit this option, Squid assumes the former key file also contains a private key.

You can use the version= argument to tell Squid which protocol versions are allowed: 1=automatic, 2=SSLv2 only, 3=SSLv3 only, 4=TLSv1 only.

The cipher= argument is an optional colon-separated list of allowed ciphers. Squid simply passes this list to the SSL_CTX_set_cipher_list( ) function.

Lastly, the options= argument allows you to pass additional configuration parameters to the OpenSSL library. For example, NO_SSLv2, NO_SSLv3, and NO_TLSv1 disable the use of those particular protocols. Additional option keywords are defined in Squid's src/ssl_support.c file.


https_port [hostname:]port cert=certificate.pem [key=key.pem] [version=N]

[cipher=list] [options=SSL_Options]


No default


https_port 443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem


http_port, http_access

    Appendix A. Config File Reference